Methods to Prevent Brute-Force Attacks

Ken
2013-02-13
2013-02-28
  • Ken
    2013-02-13

    I'm a giant proponent of Password Safe and I've been using it for years. I've now started using it for other sensitive information; however, this got me thinking: if my computer was stolen, what would prevent someone from launching a brute-force attack against the database? I searched all the options looking for some sort of option that would either make the safe unresponsive for a period of time, say 30 minutes after 20 wrong attempts, or an outright deletion or mass corruption of the database after so many incorrect attempts, say 50 wrong attempts.

    Is there such an option and I missed it?

    If not, I think this would be a very beneficial future addition to enhance the overall security of the product.

    Any help would be appreciated.

     
  • fernando
    2013-02-13

    If I make 100, or 1000, or 1,000,000 copies of your database file,
    how does that affect your suggestions?
    (rhetorical question)

     
  • Ulrich Boche
    2013-02-13

    If someone has a copy of a PasswordSafe (or similar product) database, he will typically not use the program's front end to crack the master password. He will try to crack the master password with the help of programs that run on banks of high-performance graphics cards using the GPGPU API, by means of testing against the master key hash stored in the database.

    Limiting the number of password attempts in the front end is rather meaningless. It only makes sense in environments where protection is needed against remote attacks and the attacker does not have a copy of the database. This is not the case with PasswordSafe on a PC.

    If you look at the following thread:

    https://sourceforge.net/p/passwordsafe/discussion/134800/thread/671fd0d4/

    you will see links to two documents in Rony's reply to my question. Specifically the second paper should give you a good idea of what has been done to protect the master password against brute force attacks.

     
  • Rony Shapiro
    2013-02-14

    As others have written, blocking a brute-force attack by means of the program is like planting a stake in the desert and hoping your enemy trips over it - it's absolutely trivial to bypass, for example, by using an earlier version of the program that does not have this mechanism, or better yet, using a specially written cracking program.

    I think most users should worry about the flip side of this question: (1) Backups of the database stored outside their primary machine, (2) a way for family/management/co-workers to access the data if they're incapacitated. For this I keep a sealed letter in a physical safe, and strongly recommend users make similar arrangements, according to their needs.
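
The point made in the replies above, as an added example that is not part of the original thread and is not Password Safe's own code: the password check is a pure function of what is stored in the file, so an attempt counter in the front end protects nothing once the file is copied, and the cost of an offline search depends only on passphrase entropy and the stretching iteration count. The header layout, the `LockingFrontEnd` class, the 2048 iterations and the 1e9 hashes-per-second rate are assumptions made for illustration.

```python
import hashlib
import hmac
import os

SECONDS_PER_YEAR = 365.25 * 24 * 3600

def stretch(passphrase: bytes, salt: bytes, iterations: int) -> bytes:
    """Generic hash-based key stretching: one salted SHA-256, then re-hashed."""
    key = hashlib.sha256(passphrase + salt).digest()
    for _ in range(iterations):
        key = hashlib.sha256(key).digest()
    return key

def make_header(passphrase: bytes, iterations: int, salt: bytes = b"") -> dict:
    """What the file stores: salt, iteration count, hash of the stretched key."""
    salt = salt or os.urandom(32)
    verifier = hashlib.sha256(stretch(passphrase, salt, iterations)).digest()
    return {"salt": salt, "iter": iterations, "verifier": verifier}

def verify(header: dict, passphrase: bytes) -> bool:
    """Pure function of the file contents; needs no program state."""
    stretched = stretch(passphrase, header["salt"], header["iter"])
    candidate = hashlib.sha256(stretched).digest()
    return hmac.compare_digest(candidate, header["verifier"])

class LockingFrontEnd:
    """Hypothetical front end with an attempt limit held in memory."""
    def __init__(self, header: dict, max_attempts: int):
        self.header, self.max_attempts, self.failed = header, max_attempts, 0

    def unlock(self, passphrase: bytes) -> bool:
        if self.failed >= self.max_attempts:
            raise PermissionError("too many wrong attempts")
        ok = verify(self.header, passphrase)
        self.failed += 0 if ok else 1
        return ok

def years_to_exhaust(entropy_bits: int, iterations: int, hashes_per_sec: float) -> float:
    """Worst-case time to try every passphrase of the given entropy."""
    hashes_per_guess = iterations + 2  # salted hash + re-hashes + verifier hash
    return (2 ** entropy_bits) * hashes_per_guess / hashes_per_sec / SECONDS_PER_YEAR

if __name__ == "__main__":
    # Constructed parameters: 2048 iterations, 1e9 SHA-256/s attacker rate.
    for bits in (40, 60, 80):
        print(bits, "bits:", f"{years_to_exhaust(bits, 2048, 1e9):.3g}", "years")
```

The lockout only changes the state of one `LockingFrontEnd` instance; each extra bit of passphrase entropy doubles the search time and the iteration count scales it linearly.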

     
  • Ken
    2013-02-14

    All good points. I do keep a copy of my master password with my will in my safety deposit box. I will read the article posted in the link that Ulrich posted.

    Without reading the article, I'm now starting to think that multiple safes with specific information to limit losses should a safe be cracked, and maybe even some decoys, might be the way to go. I will read the article on how the Master key is protected.

    Thanks for all the responses.

     
  • Keeping multiple safes is an EXCELLENT idea that I can highly recommend to most users.

    For example, I have several, but there are 4 that are of primary concern.

    The first is my main safe, which holds most of my personal accounts and passwords.

    I have a second safe that is somewhat nonstandard: I use it to store the registration codes and activation keys for all of my non-open-source software. This is mere convenience to keep those entries (~50) from cluttering my passwords DB (with ~400 entries).

    The third of my "top 4" contains passwords for various things that I use at work, and that are not personally attached to me. If I leave my current job, or even change positions within the company, I can simply supply my successor with that file and its password (via different channels, of course). This assures:

    • I've given them access to everything they'll need
    • I haven't left out anything
    • I've kept the information secure in my daily work
    • I've transferred it securely during the transition
    • I haven't revealed any OTHER sensitive information that I didn't mean to.

    The fourth of my "top 4" safes contains rarely used information where I want to have extra security. I keep that safe entirely offline and only access it temporarily when I have to -- preferably from a non-internet-connected machine.

    All 4 safes have different master passwords. All are strong but some are stronger than others. I keep a copy of the passwords to the "software keys" database and the "work accounts" database in my main database, because their security level is already considered lower than that of my main safe. Most master passwords for my safes are kept in a list in my safety deposit box. The password to my high-security database is kept in a location similar to a safe deposit box.


    I hope this helps anyone who is considering how to effectively use multiple databases in PasswordSafe!

     
  • LOGAN
    2013-02-28

    If you're really paranoid or careful, you could always consider using a Yubikey. In that case one would have to have the Yubikey and password to open the safe. Really great technology combined with a great password manager.